Intelligent APT Detection Method Based on DNS Logs and Its Application
Cite this article: Tian Yi, Zhao Xuekun, Zhao Yafeng, Pan Xia. Intelligent APT Detection Method Based on DNS Logs and Its Application [J]. Telecom Engineering Technics and Standardization, 2021, 34(12)
Authors: Tian Yi  Zhao Xuekun  Zhao Yafeng  Pan Xia
Affiliation: China Mobile Group Hebei Co., Ltd., Shijiazhuang 050021
Abstract: In recent years, defending against advanced persistent threats (APT) in complex environments has become a focus of network security. APT attacks are highly covert, and the damage they cause is far smaller when they are discovered early. The method proposed here is based on deep mining of DNS logs: starting from functional dimensions such as intelligent DGA domain detection and intelligent APT tunnel detection, it proposes a new approach to APT defense from the DNS-log perspective and integrates detection, monitoring and tracing into one system. The paper proposes a fused Transformer neural network and GRU algorithm to detect malicious DGA domains, and a statistical machine learning algorithm to detect the DNS tunnels used for APT command-and-control traffic, extending early network security warning to the DNS layer. This makes up for the insufficient attention that existing security measures pay to algorithmically generated domains and for the weakness that DNS is easily exploited by APT actors for covert persistence. In-depth testing in an experimental environment shows that the method copes well with the increasingly severe APT threats on the Internet.

Keywords: advanced persistent threat; DNS monitoring; domain generation algorithm; DNS tunnel detection
Received: 2021-11-17
Revised: 2021-11-25

Intelligent APT Detection Method and Its Applications Based on DNS Logs
Tian Yi, Zhao Xuekun, Zhao Yafeng, Pan Xia. Intelligent APT Detection Method and Its Applications Based on DNS Logs [J]. Telecom Engineering Technics and Standardization, 2021, 34(12)
Authors: Tian Yi  Zhao Xuekun  Zhao Yafeng  Pan Xia
Affiliation: Hebei Mobile Communication Co., Shijiazhuang
Abstract: In recent years, APT defense has gradually become a key focus of network security. APT attacks are highly covert, and the harm they cause is far smaller when they are detected early. The proposed method is based on DNS logs and starts from several functional dimensions, namely in-depth DNS log analysis, AI-based DGA domain detection and DNS tunnel detection, putting forward a new approach to APT defense from the DNS perspective so as to integrate detection, monitoring, protection and traceability. A fused Transformer and GRU neural network is used to detect malicious DGA domains, and machine learning is used to detect the DNS tunnels of APT attacks; this makes up for the insufficient attention that network security measures pay to algorithmically generated domains and for the weakness that DNS is easily exploited by APTs for covert persistence. In-depth testing in an experimental environment shows that the proposed method deals well with the increasingly severe APT threats on the Internet.
Keywords: APT; DNS monitoring; domain generation algorithm; DNS tunnel detection
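The abstract names two DNS-log signals, algorithmically generated domains and DNS tunnels, without showing what the statistical side of such a pipeline looks at. The script below is an added example written for this page, not the paper's code or model: the paper fuses a Transformer with a GRU for DGA detection and uses statistical machine learning for tunnels, whereas this only shows the hand-crafted features (label entropy, length, vowel ratio; per-domain unique-subdomain count, subdomain length, TXT/NULL ratio) and illustrative thresholds that a DNS-log detector would feed such models. The log layout, the client addresses, the names and every threshold are assumptions; the log lines are constructed, and the registered-domain cut at the last two labels is a deliberate simplification of what the Public Suffix List does.

```python
"""DNS-log triage features for DGA domains and DNS tunnels.

Added example, not the paper's code: the paper fuses a Transformer with a
GRU for DGA detection and uses statistical ML for tunnels; this shows only
the hand-crafted features such a pipeline consumes, on constructed lines.
"""
import math
from collections import Counter, defaultdict

# Constructed sample lines in an assumed "<epoch> <client> <qname> <qtype>"
# layout. The .org TXT queries carry base64 chunks in their labels, as a tunnel would.
SAMPLE_LOG = """\
1637100000 10.0.0.5 www.example.com A
1637100001 10.0.0.5 mail.example.com MX
1637100002 10.0.0.7 cdn.example.net A
1637100003 10.0.0.9 xk3v9q2lzt7mw0yb.com A
1637100004 10.0.0.9 q8zt0wpl2nvx4yrk.net A
1637100005 10.0.0.9 mz7lq2vx0pb9wk4t.org A
1637100006 10.0.0.12 aGVsbG8gd29ybGQ.c2VjcmV0IGRhdGE.t1.example.org TXT
1637100007 10.0.0.12 ZXhmaWwgcGF5bG9hZA.Y2h1bmsgdHdv.t1.example.org TXT
1637100008 10.0.0.12 dGhpcyBpcyBjMg.YW5kIG1vcmU.t1.example.org TXT
1637100009 10.0.0.12 bGFzdCBjaHVua3M.ZW5kIG9mIGRhdGE.t1.example.org TXT
"""
VOWELS = set("aeiou")


def parse_log(text):
    """Parse lines into (epoch, client, qname, qtype); skip malformed ones."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append((int(ts), client, qname.lower().rstrip("."), qtype.upper()))
    return records


def shannon_entropy(s):
    """Bits per character; random DGA labels approach log2(alphabet size)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def registered_domain(qname):
    """Crude cut at the last two labels (assumption). A real deployment should
    use the Public Suffix List, otherwise co.uk-style names are mis-split."""
    return ".".join(qname.split(".")[-2:])


def dga_features(qname):
    """Lexical features of the second-level label, the part a DGA generates."""
    sld = registered_domain(qname).split(".")[0]
    n = len(sld) or 1
    return {
        "length": len(sld),
        "entropy": shannon_entropy(sld),
        "vowel_ratio": sum(ch in VOWELS for ch in sld) / n,
    }


def looks_like_dga(qname):
    """Illustrative thresholds, not the paper's: long, high-entropy, vowel-poor
    labels fit character-level DGAs; word-list DGAs evade these features."""
    f = dga_features(qname)
    return f["length"] >= 12 and f["entropy"] >= 3.5 and f["vowel_ratio"] < 0.3


def tunnel_features(records):
    """Aggregate per registered domain: a tunnel encodes data in the subdomain,
    so it yields many unique, long, often TXT/NULL queries to one domain."""
    agg = defaultdict(lambda: {"subs": set(), "n": 0, "txt": 0, "sub_len": 0})
    for _, _, qname, qtype in records:
        dom = registered_domain(qname)
        sub = qname[: len(qname) - len(dom)].rstrip(".")
        a = agg[dom]
        a["subs"].add(sub)
        a["n"] += 1
        a["sub_len"] += len(sub)
        a["txt"] += qtype in ("TXT", "NULL")
    return {
        dom: {
            "unique_subdomains": len(a["subs"]),
            "avg_subdomain_len": a["sub_len"] / a["n"],
            "txt_ratio": a["txt"] / a["n"],
        }
        for dom, a in agg.items()
    }


def flag_tunnels(records, min_unique=3, min_len=30, min_txt_ratio=0.5):
    """Registered domains whose aggregate looks tunnel-like. Thresholds are
    illustrative; tune them against the site's own query baseline."""
    return {
        dom
        for dom, f in tunnel_features(records).items()
        if f["unique_subdomains"] >= min_unique
        and (f["avg_subdomain_len"] >= min_len or f["txt_ratio"] >= min_txt_ratio)
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("DGA-like:", [q for _, _, q, _ in recs if looks_like_dga(q)])
    print("tunnel-like:", sorted(flag_tunnels(recs)))
```

On the constructed input the three 16-character labels are flagged as DGA-like and example.org is the only domain flagged as tunnel-like; the two ordinary example.com names stay below the unique-subdomain threshold. The caveats in the docstrings are the reason the paper reaches for a sequence model: dictionary-based DGAs keep a normal vowel ratio, and a low-and-slow tunnel can stay under any per-domain count until the aggregation window is long enough.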
This article is indexed in Wanfang Data and other databases.